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WE CLAIM: 

1. A secure component-based operating process including: 

(a) retrieving at least one comporent; 

(b) retrieving a record that specifies a component assembly; 

(c) checking said component andpr said record for validity; 

(d) using said component to forn^ said component assembly 
in accordance with said record; and 

(e) performing a process based kt least in part on said 
component assembly. 

2. A process as in claim 1 wtterein said step (c) comprises 
executing said component assembl 

3. A process as in claim y wherein said component 
comprises executable code. 



4. A process as in 
comprises a load module. 



wherein said component 



wherein: 



5. A process as inyclaim 1 
said record comprises: 

(i) directi/ns for asse^psWing said component 

assembly; and 

(ii) inf^a^ that at least in part specifies a 
control; and 

said process further comprises controlling said step (d) 
and/or said step/(e) based at least in part on said cpntroL 

6. A pricess as in claim 1 wherein said component has a 
security wradter, and said controlling step comprises selectively 
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opening said security wrjapper based at least in part on said 
control. 



7. A process as 



in c 



aim 1 whereiu: 

said permissions recprd includes at least one decryption key; 

and 

said controlling step 
decryption key. 



8. A process as in c 
of said steps (a) and (e) wift: 



includes controlling use of said 



aim i^Hrcnramg performing at least two 
n af^protectetf processing environment. 



9. A process as in alaim 1 
of said steps (a) and (e) ajl least 
hardware. 



iiyguidiiig p^orming at least two 
part within jtamper-resistant 



1 10. A method as jm claim i| wheyefm said performing step (e) 

2 includes metering usag 



1 11. A method as in claim 1 wherein said performing step (e) 

2 includes auditing us^lge. 
1 

1 12. A methoa as in claim 1 wherein said performing step (e) 

2 includes budgeting usage. 

1 13. A secure component operating system process including: 

2 receiving a component; 

3 receiving/directions specifying use of said component to form 

4 a component assembly; 
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authenticating/said received component and/or said 
directions; | 

forming, usingNsaid component, said component assembly 
based at least in part op said received directions; and 

using said component assembly to perform at least one 
operation. 

14. A method comprising performing the following steps 
within a secure operati ig system environment: 
providing code; 
providing directions specifying assembly of said code into an 

executable program; 

checking said re( eivpdr'^ode and/ot said assembly directors 

for validity; and 



in response 



to ^ curren ;e of a^ event, assembling said code 
in accordance with said recei^e^sembly directions to form an 
assembly for execution. 



15. A method/for managing at \eakt one resource with a 
secure operating eiwironment,lsaid nifethod comprising: 

securely recdlving a firsAcplitrol ftx)m a first entity external 
to said operating environmej 

securely reaeiving aTsecond control from a second entity 
external to said dperajtog environment, said second entity being 
different firom said first entity; 

securely Processing, using at least one resource, a data item 
associated witW said first and second controls; and 

securely/applying said first and second controls to manage 
said resource tor use with said data item. 
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16. A method for securely managing at least one operation 
on a data item performed at least in part by an electronic 
arrangement, said method comprising: 

(a) securely delivering a first procedure to said electronic 
arrangement; 

(b) securely delivering, to said electronic arrangement, a 
second procedure separable or separate from said first procedure; 

(c) performing at least one operation on said data item, 
including using said first and second procedures in combination to 
at least in part securely manage said operationjand 

(d) securely conditioning at>lstone aspect of use of said 



data item based on saii 
occurred. 

17. A method as 
delivering step (b) at a 
step (a) is performed 



mng sfeps (a) 



Ah) having 



in claim 16 iicliiditll^erfotoing said 
time differenafrom the timefeaid delivering 



18. A method ai in claim 16 wherein step (a) includes 
dehvering said first procedure fi^m a Br^^ and said step (b) 
includes deUvering sid second proc^^ from a second source 
different from said first source. 



19. A method/ as in claim 16 further including ensuring the 
integrity of said firJt and second procedures. 

20. A methid as in claim 16 further including validating 
each of said first dnd second procedures. 
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21. A method a< 
authenticating each of 



in claim 16 further including 
said first and second procedures. 



22. A method as 
includes executing at 
within a tamper-resis 



in claim 16 wherein said using step (c) 
Uast one of said first and second procedures 
t environment. 



23. A method as in claim 16 wherein said step (c) includes 
the step of controlling sa^i data item with at least one of said first 
and second procedures. 



24. A method as in 
relationship between at 
procedures and said data 



25. A method as in 
correspondence between s 
first and second procedui es 



claim l&iurtker including establishing a 
le ist Qsne of saiq first and/second 
tem. 



claim 16 furthe|r including estkblishing 
aid data item anid at least one erf said 



26. A method as in claim 16 wherein\said delivering step (b) 
comprises delivering at /least one load module ^crypted at least in 
part. 



27. A method ai in claim 26 wherein said delivering step (a) 
comprises delivering c|t least one further load modxile encrypted at 
least in part. 



28. A method i\a in claim 16 wherein said delivering step (b) 
comprises delivering it least one content container carrying at 
least in part encrypteli control information. 





ffi 



s 



I 

29. A method as ini claim 16 wherein said delivering step 



mtiol method and at least one fui ther 



urn 16 wherein said delivering step (a) 



1 

2 (b) comprises delivering a cp 

3 method. 

1 30. A method as in c 

2 includes 

3 encrypting at least a nortion of said first procedure, 

4 communicating said at least in part encrypted first 

5 procedure to said electronia arrangement, 

6 decrypting at least apportion of said first procedure at least 

7 in part using said electronic arjang&mexlt, and 

8 validating said fir^fprocpdure wi^ih said electronic 

9 arrangement. 

1 31. A method a^in claiiA iS^erein sa^d delivering step (b) 

2 includes delivering at least onelof said first a/d second procedures 

3 within an administrajtive object\ 

1 32. A method as in claim Ve^^erein said dehvering step (b) 

2 includes codeliveriAg said second^rocedure in at least in part 

3 encrypted form with said da^item. 

1 33. A me^lnod as in^claim 16 wherein said performing step 

2 includes meteqfag usage. 

1 34. A /lethod as in claim 16 wherein said performing step 

2 includes au(j&ting usage. 

1 35. Jl method as in claim 16 wherein said performing step 

2 includes budgeting usage. 
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36. A method for kecurely managing at least one operation 
performed at least in par^by a secure electronic appliance, 
comprising: 

(a) selecting an item\that is protected with respect to at 
least one operation; 

(b) securely independently delivering plural separate 
procedures to said electronic Appliance; 

(c) using said plural senarate procedures in combination to 
at least in part securely manai^e said operation with respect to 
said selected item; and 

(d) conditioning successftll comptgSon of sai^ operation on 
said delivering step (b) having bpoirTed. 

37. A method for processing |)ased o^in^B^endgni 
deliverables comprising: 

securely delivering a fi/st pie^e of code defini^ a first part 

of a process; 

separately, securely delivering! a second/^iece of code 
defining a second part of said process 

ensuring the integrjty of the fir^^d second delivered 

pieces of code; and 

performing said n^ocess bas/d at least in part on said first 

and second delivered aide pieces. 



38. 



A method L in claim 37 wherein a first piece of code for 



said process at least 



39. A method 



in part controls decrypting content. 



las in claim 37 wherein said ensuring step 
includes vaUdating s\^rst and second pieces of code. 
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1 40. A metho^ as in claim 37 wherein said ensuring step 

2 includes validating s^id first and second pieces of code relative to 

3 one another. 
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41. A method as an claim 37 wherein said performing step 
includes metering usage . 

42. A method as i i claim 37 wherein said performing step 
includes auditing activit es. 



43. A method as 
includes budgeting usag 



44. A method as 
includes electronically 
controls. 



i 1 claim 




ireuTS^d performing step 



n claim 37 whereiiis5id4ierforming step 
rocessing content based on electronic 



45. A method ot securely controlling at least one protected 
operation with respect to a data item dpmRnsing: 

(a) supplying at least a first control from a first party; 



(b) supplying 



It least a seceild control from a second party 
different from said first party; 

(c) securely co nbining said first and second controls to form 
a set of controls; 

(d) securely associating said control set with said data 

item; and 

(e) securely c )ntrolling at least one protected operation with 
respect to said dataHtem based on said control set. 
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46. A method aslin claim 45 wherein said data item is 



protected. 



47. A method as i 
plural controls includes 
aspect of use of said 



prot jcted 



II L 



48. A method as i 
plural controls include a 
aspect of use of said protected 



claim 45 wherein at least one of said 
control relating to metering at least one 
data item. 



claim 45 wherein at least one of said 
:ontTol relating to budgeting at least one 
data item. 



data item havixiKat least a 



49. A secure methjod for^ombi/iing data )tems into a 
composite data item compnsing: 

(a) securely proviaing a first djaU it^ having at least a first 
control associated therewith; 

(b) securely proviaing a secom I 
second control associated therewith; 

(c) forming a composite of said first and second/data items; 

(d) securely combining said firist and second^trols into a 
composite control set;/and \ 

(e) performing/at least one opeVatio^/<5n said composite of 
said first and second/ data items base^^least in part on said 
composite control set. 

50. A meth/d as in claim 49 wherein said combining step 
includes preservi/g each of said first and second controls in said 
composite set. 



51. Am 
comprises 



thod as in claim 49 wherein said performing step 
govehung the operation on said composite of said first 



V; 
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and second data items in accordance with said first control and 
said second control . 



52. A method as in claim 
includes ensuring the integrity 



49 wherein said providing step 
)f said association between said 



first controls and said first data item is maintained during at least 
one of transmission, storage and processing of said first data item. 



53. A method as in claim 49 wherein said providing step 
comprises delivering said ^t data item separately from said first 
control , 



54. A method as^n claim 
comprises codeliveiwg said firsi 



and 



49 wherein said providing step 
data item and said first control 



55. A secure/method for qon tilling a protected operation 
comprising: 



(a) delivering at least a fiist control and a second control; 



protected oj^ration based at least 



(b) controlling at least one 
in part on^ combination of said first and/second controls, 
including'^ at least one of the foUoJwing^ps: 

resolving at least one ccmflict between said first and 
secoi^ controls based on a predefined order; 

providing an interaction with a user to form said 
c/mbination; and 

dynamicallyAegotating between said first and second 

controls. 
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56. A method as in cU 
(b) includes controlling deciypt 



57. A method as in clai^ 
receiving protected electionic 
authenticating the identity 
received protected electronic co itent 



55 wherein said controlling step 
ion of electronic content. 



55 further including: 

content from a party; and 
of said party prior to using said 



1 58. A secure method copprising: 

2 selecting protected dat 

3 extracting said protected data frx)m an object; 

4 identifying at least oife control to manage at least one aspect 

5 of use of said extracted dat 

6 placing said extracted^ data iijto a furthej/ object; and 

7 associating said ayleast one qontrol w^tn said further object. 

1 59. A method did in claim 58 hirtKer including limiting at 

2 least one aspect of use of said furthqr object based jon said at least 

3 one control. 



1 60. A secii^ method of modif}png a protected object 

2 comprising: 

3 (a) providing a protected object;^a^d 

4 (b) embedding at least one additional element into said 

5 protected ^ject without improte9ting said object. 



1 
2 
3 
4 



)1. A method as in claim 60 further including: 
associating at least one control with said object; and 
limiting usage of said element in accordance with said 



itroL 
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A 

1 62. A method ak in claim 60 further including including a 

2 permissions record within said object. 



1 63. A method as in Maim 61 further including at least in 

2 part encrypting said object. 
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64. A method for mans 
secure operating environment 



securely receiving a firsi load mo< 



external to said operating envi 
securely receiving a seci 



ing at least one resource with a 
said method comprising: 



3t entity 



ronznent; 
d load module fronf a second entity 
external to said operating env ^nment, said second entity being 
different from said first entity; 

securely processing, usi ng at lekst orfajesofifce, sTllata item 
associated with said first and second Ipad modules; and 

securely applying said Ifirst and second load modi^s to 
manage said resource for use with said\data item. 

65. A method for negotiating elec^pnic extracts, 
comprising: 1 

receiving a first cont "ol set from a T^pffaote site; 
providing a second c mtrol set; 

performing, within s protected/processing environment, an 
electronic negotiation bet^ een said nrst control set and said 
second control set, includi ig providing interaction between said 
first and second control sets; and 

producing a negotiated control set resulting from said 
interaction between said irst and second control sets. 

66. A system for si^orting electronic commerce including: 
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means for creating a first secure control set at a first 
location; 

means for creating a second secure control set at a second 
location; 

means for securely (bmmunicating said first secure control 
set from said first location Ito said second location; and 

means at said second location for securely integrating said 
first and second control set^ to produce at least a third control set 
comprising plural elements together comprising an electronic value 
chain extended agreement. 



67. A system for supfpoFtfhg electronic commerce including: 
means for creating 9lfirst secure contipl set at a first 
location; ( 

means for creating 4 secondjsecur/ control set at a second 
location; 

means for securely Icommunibating said first kecure control 
set from said first locaticp to said second locationAnd 

negotiation means at said second locatiozyfor negotiating an 
electronic contract through secure execution 91 at least a portion of 
said first and second sei:ure control s^ts. 



68. A system in claim 67 fu^er including means for 
controlling use by a wer of protec^d information content based on 
at least a portion of qaid first ano/or second control sets. 



69. A system 
charging for at least 



IS in claim 67 further including means for 
a part of said content use. 



70. A secure c*mponent-based operating system including: 
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component re^e\-ing means for retrie\ing at least one 
component; 

record retrieving means for retrieving a record that specifies 
a component assembly;] 

checking means, doupled to said component retrieving means 
and said record retrieving means, for checking said component 
and/or said record for validity; 

using means, coupled to said checking means, for using said 
component to form said c omponent assembly in accordance with 
said record; and 

performing means, 
performing a process bas^d at 
assembly 



coupled to said using means, for 

on said component 



Dnent-b^sed opc^rating system including: 
^es, from a secure database, 
record fhat specifies a 



jtne> 



71. A secure comp: 

a database managitr that 
at least one component sfnd at le^ 
component assembly; 

an authenticating manager \that checl^said component 
and/or said record for validity; 

a channel manager that used 
component assembly in accordance 

an execution manager that x^rforms a process based at least 
in part on said component assembly. 



I sail 



component to form said 
\h said record; and 



72. A secure 
means for 
means for 
component to form 



:omponent operating system including: 
redeiving a component; 
reqeiving directions specifying use of said 
component assembly; 



v 
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means, couMed to said receiving means, for authenticating 
said received component and/or said directions; 

means, couple\i to said authenticating means, for forming, 
using said componenlt, said component assembly based at least in 
part on said received! directions; and 

means, coupled to said forming means, for using said 



component assembly 



;o perform at least one operation. 



specifying use of said 
an authenticati 



73. A secure component operating environment including: 
a storage devic^ that stores a cgjapOnent an^ directions 

componep^o form a com|K)nent assembly; 
ng manager^that auth^ticates said 
component and/or said jdirections; 

a channel manager that forms, usiA g said com ponent, said 
component assembly based at lea tt in part on said directions; and 
a channel th£^ executes sai(| component asse;nbly to perform 
least one operation. 



74. A secure operating system enviroiiment comprising: 
a storage device that stores coae axm directors specifying 

assembly of said code into an executable program; 

a validatinf device that checks said received code and/or 
said assembly directors for validity; and 

an event-diiven channel yttiat, in response to occurrence of 
an event, assemb es said code[in accordance with said assembly 
directions to form an assembly^r execution. 

75. A securp operating environment system for managing at 
least one resource fomprising: 
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a communications arrangement that securely receives a first 
control from a first entity external to said operating environment, 
and securely receives aVsecond control from a second entity 
external to said operating environment, said second entity being 
different from said first entity; and 

a protected processing environment, coupled to said 
communications arrangement, that: 

(a) securely processes, using at least one resource, a 
data item associated with said first and second controls, and 

(b) securely applies said first and second controls to 
manage said resource for u^e of said data item. 

76. A system for negjotiatj^ electronic contracts, 
comprising: 

a storage arrangeme 
received from a remote site, and 

a protected processpg envipnment, coupled to said storage 
arrangement, that: 

(a) performs ari electronic Negotiation between 
said first control set and said second control/set, 

(b) provides intvactiot/between said first and 
second control sets, 

(c) jproduces a neg/tiated control set resulting 




)res a first control set 
;tores/k second control set; 



from said interaction 



Detween said nrst and second control sets. 



77. A system as 
electronically enforciz g 



in claim 76\further including means for 
said negotiated control set. 



V 



-781 



• 



\ 



78. A system as in claim 76 further including means for 
generating an elf ctronic contract based on said negotiated control 
set. 



79. A method for supporting electronic commerce including: 
creating a firstysecure control set at a first location; 
creating a second secure control set at a second location; 
securely communicating said first secure control set from 

said first location to S£ id second location; and 

electronically negotiating, at said second location, an 
electronic contract, inoluding the steg^ofsecurely executing at least 
a portion of said first and s5jB<Jfid\secure coVrol sets. 

80. An electromc appliance composing: 
a processor; and 

at least one memory device connected to saiti processor; 
wherein said processor includes: 

retrievifng means for reme\"ing at leAst one 
component, and at /least one record wiat specifies a component 
assembly, from saip memory device, 

checking means coupled dq s^d retrieving means for 
checking siad component and/or saicLrecord for validity, and 

using means coupled to said retrieving means for 
using said component to form saK^coniponent assembly in 
accordance with said record. 



81. An electronic appliance comprising: 
at least one u}rocessor, 

at least one memory device connected to said processor; and 
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at least one input/output connection coupled to said 
processor, \ 

wherein said processor at least in part executes a rights 
operating system to piovici^ a secure operating environment within 
said electronic appliance. 

82. An electronic ap chance as in claim 81 wherein said 
processor includes means for providing a channel, said channel 
assembling independently/ deliverable components into a 
component assembly and executing said component assembly. 



83. An electronic apphance as in claim 81 further including 
a secondary storage devifce cou^led^Cosaid proces^r, said 
secondary storage device sjcJrmj ; a secure database^, said processor 
including means for depyting information obtained from said 
secure database and fdr encrypting informatio^to be written to 
said secure database. 



84. An electronic applianc^ as in claim 81 where^ said 
processor and said diemory device[ are disposed in a ^cure, 
tamper-resistance encapsulation. 



85. An electronic appliance as in clai:^ 81 wherein said 
processor includes a hardware encryptoivdecryptor. 



86. An 
processor includes 



processor includi 



eleptronic applian 
a real time 




in claim 81 wherein said 



87. An electronic appliance as in claim 81 wherein said 



a random number generator. 
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88. An electronic appliance as in claim 81 wherein said 
memory device stores audit infomnation. 



89. A method for auditing ihe use of at least one resource 
with a secure operating environment, said method comprising: 

securely receiving a first control from a first entity external 
to said operating environment; 

securely receiving a secondf control from a second entity 
external to said operating enviijonment, said second entity being 
different from said first entity;/ 

using at least one resoufrce; 

securely sending to said firsLsnii^ in accordance with said 
first control, first audit ii}^;irrma|tion concerning use of said 
resource; and 

securely sendin^^ said ^econd eiftity in accordance with 
said second control, sefond audjit inf<^ pation concerning use of 



said resource, said second audii 



information beink at least in part 



different from said first audit information. 

90. A metnod for auditing the use of ^ least one resource 
with a secure o/perating environment, sa^method comprising: 

securely receiving first andWcpf^d control alternatives fix)m 
an entity external to said operatin^environment; 

sele/ting one of said first and second control alternatives; 

usmg at least one resource; 

iysaid first control alternative is selected by said selecting 
step, s/curely sending to said entity in accordance with said first 
contrdl alternative, first audit information concerning use of said 
resouice; and 
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1^ 



if said second comw)l alterna 
step, securely sending to s^d sec 



co^i 



said second control alterna 
concerning iise of said rcso 
being at least in part di 





, seconld a 



:e, said 
from <;ai 



ted by said selecting 
accordance with 
ation 
information 
audit information. 
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